KENANGA INVESTMENT BANK BERHAD SUSTAINABILITY REPORT 2024 BASIS OF THIS REPORT OUR APPROACH TO SUSTAINABILITY KENANGA AT A GLANCE GOOD GOVERNANCE LEADERSHIP STATEMENTS SUSTAINABLE ECONOMIC GROWTH ENVIRONMENTAL STEWARDSHIP EMPOWERING PEOPLE AND COMMUNITIES APPENDIX 53 52 CYBER SECURITY WHY IT MATTERS Cybersecurity is becoming increasingly important as organisations transition to a future driven by digital innovation. At Kenanga, we aim to mitigate cyber risks by actively monitoring developments in the cyber landscape while strengthening cybersecurity measures across our operations. Azure Enterprise Skilling Initiative (“ESI”) We are progressively upskilling our IT workforce through Microsoft’s Azure ESI to continuously develop essential technical skills and knowledge to undertake Azure-related projects and initiatives. These measures also include training and certifications. In 2024, our IT personnel attended over 15 Azure training courses with a total of 223 training hours logged. Greening Data Centres Our efforts to enhance the sustainability of our data centres remain a key priority, reflecting our commitment to operational efficiency and environmental responsibility. Initiated in 2023, the programme aims to optimise energy usage and drive improvements in overall energy efficiency. This initiative entails upgrading our hardware—including servers, storage devices, and networking equipment—to energy-efficient versions, as well as virtualising servers to enhance resource utilisation. In 2024, the Group completed approximately 30% of the upgrades for storage and servers in total. While the functionality remains unchanged, the upgraded servers and storage are now sourced from green materials. Looking ahead to 2025, we plan to onboard a private cloud project to transition more traditional servers to a private cloud environment, further optimising resource efficiency and sustainability. FUTURE OUTLOOK Our ongoing assessments and enhancements of our systems and processes ensure we remain at the forefront of digital transformation in the financial industry. In 2025, we aim to digitise all forms to ensure that they can be easily accessed, filled and submitted electronically. Meanwhile, we will continue streamlining and refining existing processes to further improve efficiency, resolve any issues and align them with current standards and requirements. In addition, we will further enhance our automation processes by migrating all UI Path processes into Microsoft Power Automate, while continuing to roll out new RPAs. Cloud Adoption Strategy Our five (5)-year Cloud Adoption Strategy aligns with our Group-wide digital transformation ambitions, aiming to drive innovation and growth. Cloud infrastructure enhances scalability, performance, security, and resilience across the Group. In 2024, we advanced this strategy by completing key risk assessments under BNM’s Risk Management in Technology (“RMiT”) guidelines, successfully deploying iRemisier on Azure. Security was strengthened with a Palo Alto Firewall, and regulatory approval was obtained for Azure hosting as a Material Outsourcing arrangement. Kenanga’s Cloud Adoption Strategy is executed through the following two (2)-pronged approach: OUR APPROACH Our suite of IT policies forms the foundation of our IT governance, guiding our approach to managing cyber risks and responding to security incidents. Key Policies and Framework Cyber security is a formal risk component of Kenanga’s Enterprise Risk Management Framework. The Cyber Security Policy is built on regulatory guidelines, including Bank Negara Malaysia’s Risk Management in Technology (“RMiT”). The Group Confidential Information Policy incorporates various privacy legislations, including the Financial Services Act 2013, the Securities Industry (Central Depositories) Act 1991, BNM’s Management of Customer Information and Permitted Disclosures, and the Personal Data Protection Act 2010 (“PDPA”). This policy governs all data usage within Kenanga Group, including payment and settlement-related applications and systems (such as RENTAS and FAST), with data assets categorised into three (3) classifications: Regulated Confidential, Unregulated Confidential, and Public. Sensitive data discovery is incorporated into the Information Asset Inventory and is managed through embedded rules in the Data Loss Prevention (“DLP”) tool. The DLP rules are also aligned with the Group Confidential Information Policy. Project Zero Trust was initiated in response to the shift toward a “work from anywhere” model and the increasing reliance on cloud computing. It ensures employees can work seamlessly and securely, supported by a modern, agile network and security architecture that complies with RMiT requirements. Data Loss Prevention Framework Our DLP Framework defines data protection measures for sensitive information across various mediums to mitigate cyber threats. It is supported by Kenanga Group’s Cyber Security Policy and aligns with Bank Negara Malaysia and the Securities Commission Malaysia Guidelines on IT and Cyber Security. The Group’s DLP project was implemented to enhance visibility over data processes within the organisation. It enables us to track the location of confidential data, monitor its usage, and implement safeguards against data loss. The framework also establishes data protection measures for sensitive information across all endpoint devices and data egress channels, in line with our DLP Framework and Group Confidential Information Policy. We will leverage public cloud infrastructure services, such as Azure and Amazon Web Services (“AWS”), to accelerate time-to-market, enhance scalability, and improve resiliency for new cloud-native applications. Approach #1 – Public Cloud Currently, several of Kenanga’s applications are hosted in its data centre. We plan to implement a private cloud technology stack to modernise our on-premises data centre infrastructure by integrating cloud automation and security software. This initiative aims to enhance agility and flexibility in managing our infrastructure. We will prioritise hosting time-sensitive applications and those with high latency requirements in the private cloud. Approach #2 – Private Cloud Launched in 2024, Kenanga’s three (3)-year Project Zero Trust aims to enhance security across the Group’s network infrastructure. Key features include secure, seamless access to private applications, protection against internet threats, universal firewall enforcement, malware monitoring, and data loss prevention. Zero Trust Network Access’s “trust no one by default” approach centralises access control and enhances network visibility. The implementation is structured into three (3) phases: initial rollout at Headquarters, extension to branches, and final optimisation with policy reviews, ensuring a robust and future-ready IT environment. Project Zero Trust SUSTAINABLE ECONOMIC GROWTH SUSTAINABLE ECONOMIC GROWTH
RkJQdWJsaXNoZXIy MTc1ODMy